Security in Context: The BeyondTrust Blog

5 steps to securing the small business (that don’t cost a penny)

Posted May 1, 2013    Andy Clark

For many small businesses there are considerable restraints on both budget and personnel that can make implementing a good security practice feel like an insurmountable challenge. Recent news gives us a constant reminder of the threats we all face from hacktivists, electronic espionage, and good old-fashioned script kiddies out to cause damage. These threats are very real and it makes good business sense to reduce your attack surface as much as possible. However, picking the right solution can become a daunting task, especially because of the heavy impact these solutions (and their implementation) can put on already tight margins. With that in mind, here are five steps that any business can take to improve security, without spending a penny.

1. Configuration

Let’s start with the basics. Configuring an environment is not simply a matter of plugging everything together and letting it run. However, by making changes and implementing best practice on your network, operating systems, and applications you can significantly reduce your attack surface. BeyondTrust Research has produced a white paper, “In Configuration We Trust”, that includes guidance about how you can go about implementing some of these changes. To make life that little bit easier we’ve also produced a free tool that helps you assess your environment for some of the common configuration issues. Both of these free resources are available for download here.

2. Vulnerability Management

All systems have vulnerabilities. There, I said it. Sadly, this is a product of both human error and human ingenuity. The combination of mistakes made by developers and the increasing ingenuity of the hacker community has led to an inexorable rise in the number of exploitable vulnerabilities that are discovered and announced. Black market exploit tool kits are making it almost childishly simple for attackers to discover and exploit weaknesses in existing systems. It is every organization’s responsibility to keep their environment secure, but to do this you need to know what holes exist. Vulnerability management is a great step towards achieving this goal. Retina CS Community edition is a free vulnerability management solution that can scan up to 256 assets and identify any vulnerabilities in configuration, operating system, and installed applications. The solution covers not just servers and desktops but databases, web applications and mobile devices. It also includes data on known exploits in the wild. Knowledge is power, go get some. Download Retina CS Community Free Now.

3. IDS

An Intrusion Detection System is one of those things that many organizations think they should have but never really understand. The solution is designed to track all of the network traffic in and out of your organization and highlight those instances that may be evidence of an attack. Network-based appliances can be very expensive, but there is an excellent open source alternative. Developed by Sourcefire, Snort® is an open source network intrusion prevention and detection system (IDS/IPS). Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS. All that is required is a system to host it. Snort can be found here.

4. Antivirus

There are many, many antivirus solutions available and they all have their pros and cons. Since we’re going for free here there are a couple of options to consider. Assuming you’re running a Microsoft Windows platform you will have access to Microsoft’s Security Essentials. It’s by no means the best of the bunch but since it comes pre-installed it’s very easy to get started with. If you’re looking for something that has more advanced protection, then may I suggest the rather excellent Avast free antivirus, which can be found here. One thing to consider is that most malware attacks are looking to leverage elevated privileges, so by removing these you can decrease your vulnerability surface area considerably. BeyondTrust’s PowerBroker for Windows solution snaps into your existing Active Directory structure and allows you to elevate applications and processes at a very granular level, effectively removing administrator rights throughout your organization. For more information about PowerBroker for Windows and to begin a free trial visit us here.

5. Education

All of the solutions I have described above are designed to mitigate risk from a technical perspective and are all very capable of doing so. However, they cannot entirely protect you from the threat of social engineering. Phishing attacks are on the rise and these can be either very broad in scope or highly targeted against individuals. The value of an educated workforce that understands the risks should not be underestimated. Whether it’s a bored office junior browsing the wrong websites or a CEO receiving individually crafted malicious emails, an understanding of the inherent risks of data leakage can greatly improve your response to attacks. Security-aware cultures are not created overnight and it will take time and effort on everyone’s part to achieve. This dedication is always worth the investment. To help make your program a success, SANS has some excellent free resources here.
